Cyware Daily Threat Intelligence, June 16, 2021

Hades ransomware is up for a new game as researchers shed light on distinctive tactics used by the gang. One of these involves the use of the Tox instant messaging service for communication, a technique that has not yet been observed with other ransomware families.

The complexity and sophistication of threat actors continue to surprise researchers as details of new DDoS and cryptojacking attacks come to light. A malware called DirtyMoe has returned after a long hiatus to take part in these attacks. It is deployed via the PurpleFox exploit kit.

Unpatched VMware servers continue to serve as a channel for threat actors looking to launch remote attacks. Organizations are, therefore, urged to patch the servers to stay safe from such attacks.

Top Breaches Reported in the Last 24 Hours

Data breach incident reported
A data breach at Alibaba’s shopping operation Taobao has exposed the usernames and phone numbers of a billion users. The information was lifted from the site by a crawler developed by an affiliate marketer.

Top Malware Reported in the Last 24 Hours

DirtyMoe malware spotted
DirtyMoe is a complex malware used in cryptojacking and DDoS attacks. Linked to Chinese threat actors, the malware is currently being deployed via the PurpleFox exploit kit.

NFT users tricked
NFT creators and digital artists were targeted in a Redline malware campaign that helped the threat actor swipe their profits. According to reports, the attacker impersonated NFT creators and approached Twitter users with business deals that tricked them into downloading and running a malware-laced file.

Hades ransomware evolves
The Hades ransomware gang has added multiple distinctive tactics to chase high-value targets for greater profits. One of the tactics involves the use of the Tox instant messaging service for communication. The attacks have been attributed to GOLD WINTER, a financially motivated threat actor.

Top Vulnerabilities Reported in the Last 24 Hours

Peloton Bike+ bug
A security vulnerability in the Peloton Bike+ and Peloton treadmill equipment could expose gym users to a variety of cyberattacks. The flaw, which currently has no CVE details, would even allow a hacker to gain remote root access to the Peloton’s tablet. Following the discovery, the firm has issued a patch in the latest version of its firmware.

Vulnerable VMware servers still at large
Thousands of internet-facing VMware vCenter servers still harbor critical vulnerabilities for which patches have already been released. Two of these flaws are tracked as CVE-2021-21985 and CVE-2021-21986.

Instagram addresses a flaw
Instagram has addressed a new flaw that allowed anyone to see private, archived posts or stories of other users without following them. This flaw also revealed other details including likes, comments, save count, display_url, image.uri, and Facebook linked page.

Vulnerable ThroughTek P2P SDK
A critical bug discovered in the ThroughTek P2P SDK can be exploited to gain remote access to camera feeds. The vulnerability, tracked as CVE-2021-32934, impacts the data transferred between local devices and unsecured remote servers. The patch for the flaw has been issued in an updated version of the SDK, which is used by multiple security camera manufacturers.

Flawed Schneider PowerLogic devices
Six vulnerabilities discovered in some older Schneider Electric PowerLogic products can be abused to remotely take control of devices or disrupt them. Five of these flaws are rated critical or high severity and are caused by improper input validation. The sixth one is related to the password recovery mechanism. Firmware updates for some of the affected PowerLogic products have been issued to address the flaws.

Posted on: June 16, 2021
